[Box Backup-commit] COMMIT r2272 - box/trunk/lib/backupclient

boxbackup-dev at fluffy.co.uk boxbackup-dev at fluffy.co.uk
Sat Sep 6 11:50:34 BST 2008


Author: chris
Date: 2008-09-06 11:50:33 +0100 (Sat, 06 Sep 2008)
New Revision: 2272

Modified:
   box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp
Log:
Reformat for readability.

Use SecureZeroMemory rather than memset() to wipe key material on Windows.


Modified: box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp
===================================================================
--- box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp	2008-09-06 10:47:41 UTC (rev 2271)
+++ box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp	2008-09-06 10:50:33 UTC (rev 2272)
@@ -35,33 +35,51 @@
 	
 	// Open the file
 	FileStream file(rKeyMaterialFilename);
+
 	// Read in data
 	if(!file.ReadFullBuffer(KeyMaterial, BACKUPCRYPTOKEYS_FILE_SIZE, 0))
 	{
 		THROW_EXCEPTION(BackupStoreException, CouldntLoadClientKeyMaterial)
 	}
 	
-	// Tell the filename how to encrypt
-	BackupStoreFilenameClear::SetBlowfishKey(KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_KEY_START, BACKUPCRYPTOKEYS_FILENAME_KEY_LENGTH,
-		KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_IV_START, BACKUPCRYPTOKEYS_FILENAME_IV_LENGTH);
-	BackupStoreFilenameClear::SetEncodingMethod(BackupStoreFilename::Encoding_Blowfish);
+	// Setup keys and encoding method for filename encryption
+	BackupStoreFilenameClear::SetBlowfishKey(
+		KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_KEY_START,
+		BACKUPCRYPTOKEYS_FILENAME_KEY_LENGTH,
+		KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_IV_START,
+		BACKUPCRYPTOKEYS_FILENAME_IV_LENGTH);
+	BackupStoreFilenameClear::SetEncodingMethod(
+		BackupStoreFilename::Encoding_Blowfish);
 
-	// Tell the attributes how to encrypt
-	BackupClientFileAttributes::SetBlowfishKey(KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START, BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH);
-	// and the secret for hashing
-	BackupClientFileAttributes::SetAttributeHashSecret(KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_START, BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_LENGTH);
+	// Setup key for attributes encryption
+	BackupClientFileAttributes::SetBlowfishKey(
+		KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START, 
+		BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH);
 
-	// Tell the files how to encrypt
-	BackupStoreFile::SetBlowfishKeys(KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START, BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH,
-		KeyMaterial + BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_START, BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_LENGTH);
+	// Setup secret for attribute hashing
+	BackupClientFileAttributes::SetAttributeHashSecret(
+		KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_START,
+		BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_LENGTH);
+
+	// Setup keys for file data encryption
+	BackupStoreFile::SetBlowfishKeys(
+		KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START,
+		BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH,
+		KeyMaterial + BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_START,
+		BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_LENGTH);
+
 #ifndef HAVE_OLD_SSL
 	// Use AES where available
-	BackupStoreFile::SetAESKey(KeyMaterial + BACKUPCRYPTOKEYS_FILE_AES_KEY_START, BACKUPCRYPTOKEYS_FILE_AES_KEY_LENGTH);
+	BackupStoreFile::SetAESKey(
+		KeyMaterial + BACKUPCRYPTOKEYS_FILE_AES_KEY_START,
+		BACKUPCRYPTOKEYS_FILE_AES_KEY_LENGTH);
 #endif
 
 	// Wipe the key material from memory
-	::memset(KeyMaterial, 0, BACKUPCRYPTOKEYS_FILE_SIZE);
+	#ifdef _MSC_VER // not defined on MinGW
+		SecureZeroMemory(KeyMaterial, BACKUPCRYPTOKEYS_FILE_SIZE);
+	#else
+		::memset(KeyMaterial, 0, BACKUPCRYPTOKEYS_FILE_SIZE);
+	#endif
 }
 
-
-




More information about the Boxbackup-commit mailing list